On January 18, 2023, Yum! Brands, Inc. announced a ransomware attack that impacted certain information technology systems. Promptly upon detection of the incident, the Company initiated response protocols, including deploying containment measures such as taking certain systems offline and implementing enhanced monitoring technology. The Company also initiated an investigation, engaged the services of industry-leading cybersecurity and forensics professionals, and notified Federal law enforcement. Less than 300 restaurants in the United Kingdom were closed for one day, but all stores are now operational. The Company is actively engaged in fully restoring affected systems, which is expected to be largely complete in the coming days. Although data was taken from the Company’s network and an investigation is ongoing, at this stage, there is no evidence that customer databases were stolen. While this incident caused temporary disruption, the Company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results.

Forward-Looking Statements
This release includes statements which may constitute forward-looking statements made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, the accuracy of which are necessarily subject to risks, uncertainties, and assumptions as to future events that may not prove to be accurate. These statements include, but are not limited to, express or implied forward-looking statements relating to our expectations regarding our ability to contain and assess the ransomware attack and the impact of the ransomware attack on our operations and financial results. These statements are neither promises nor guarantees, but are subject to a variety of risks and uncertainties, many of which are beyond our control, which could cause actual results to differ materially from those contemplated in these forward-looking statements. Factors that could cause actual results to differ materially from those expressed or implied include the ongoing assessment of the ransomware attack, legal, reputational and financial risks resulting from cyberattacks, including the ransomware attack, the effectiveness of business continuity plans during the ransomware attack, and the other factors discussed in our most recent Annual Report on Form 10-K and other filings with the Securities and Exchange Commission. The Company undertakes no obligation to update or revise any forward-looking statements, whether as a result of new information, future events, or otherwise, except as may be required under applicable securities law.